Cybercrime Costs Rising: HP Report

The median annualized cost of cybercrime incurred by a benchmark sample of organizations was $5.9 million per year.

Cyberattacks increasingly plague businesses and government
organizations, resulting in significant financial impact, despite
widespread awareness, according to a report released by
Hewlett-Packard. The study found that recovery and detection are the
most costly internal activities, suggesting a significant
cost-reduction opportunity for organizations that are able to automate
detection and recovery through enabling security technologies.
Conducted by the Ponemon Institute, the Second Annual Cost of Cyber
Crime Study revealed that the median annualized cost of cybercrime
incurred by a benchmark sample of organizations was $5.9 million per
year, with a range of $1.5 million to $36.5 million each year per
organization. This represents an increase of 56 percent from the median
cost reported in the inaugural study published in July 2010.

"Instances of cybercrime have continued to increase in both
frequency and sophistication, with the potential impact to an
organization's financial health becoming more substantial," said Tom
Reilly, vice president and general manager of HP's enterprise security,
division. "Organizations in the most targeted industries are reducing
the impact by leveraging security and risk management technologies,
which is grounds for optimism in what continues to be a fierce fight
against cybercrime."

The report found cyberattacks have become common occurrences. Over a
four-week period, the organizations surveyed experienced 72 successful
attacks per week, an increase of nearly 45 percent from last year. More
than 90 percent of all cybercrime costs were caused by malicious code,
denial of service, stolen devices and web-based attacks.
Cyberattacks can be costly if not resolved quickly. The average time
to resolve a cyberattack is 18 days, with an average cost to
participating organizations of nearly $416,000. This represents a
nearly 70 percent increase from the estimated cost of $250,000 over a
14-day resolution period in last year's study. Results also showed that
malicious insider attacks could take more than 45 days to contain.
The report also indicated deploying advanced security intelligence
and risk management solutions can mitigate the impact of cyberattacks.
Organizations that had deployed security information and event
management (SIEM) solutions realized a cost savings of nearly 25
percent, resulting from the enhanced ability to quickly detect and
contain cybercrimes. As a result, these organizations experienced a
substantially lower cost of recovery, detection and containment than
organizations that had not deployed SIEM solutions.
"As the sophistication and frequency of cyberattacks increases, so
too will the economic consequences," said Dr. Larry Ponemon, chairman
and founder, Ponemon Institute. "Figuring out how much to invest in
security starts with understanding the real cost of cybercrime."

Nathan Eddy is Associate Editor, Midmarket, at eWEEK.com. Before joining eWEEK.com, Nate was a writer with ChannelWeb and he served as an editor at FierceMarkets. He is a graduate of the Medill School of Journalism at Northwestern University.